A Key-Signing page has been set up to manage the collection of public keys. REN-ISAC members can log in using their REN-ISAC credentials. Non-REN-ISAC members can email soc@ren-isac.net to get a username/password for the Key-Signing page or email a copy of their public key to Ken Connelly or Brian Epstein for inclusion in the keyring.

ALL Educause Security Conference attendees are welcome to join the event - it's not limited to REN-ISAC members

Before 12:00pm (noon) the day of the event:

In order to share your public key information at the event you must complete the following three steps before 12:00pm the day of the event. If the steps aren't completed, you can participate in the confirmation of other persons' keys, but cannot share your own.

If you're using the Thunderbird mail client and choose GnuPG, you'll probably want to use the EnigMail interface extension.

Extract your PGP Public Key. Refer to your PGP software's documentation for details; you are looking for a public (not private!) key extracted in "ASCII-armoured" format.

Add your Public Key to the event keyring. Do this by going to the Key-Signing page, clicking on "Add new GPG Key", then either

click on I want to submit a key block and pasting your ASCII armored public key block

click on I want to upload a key (.asc) file and upload a file containing your ASCII armored public key

Attending the Key-Signing Party

You must bring:

Sufficient photo-id to convince others that you are who you claim to be (e.g. drivers licence, passport).

A printed copy of your PGP public key fingerprint, from a known-trusted copy of your key, or other trusted means to be able to recite your public key fingerprint.

A pen.

Pick up a copy of the keyring printout from the pile. Locate your own key on the printout.

In turn, each of those attending the party introduce themselves by name, and indicate which key (or keys) on the keyring printout is theirs. They then read out their key fingerprint from their own trusted copy, and everybody verifies that this agrees with the fingerprint listed on the keyring printout. Make a notation on your copy of the printout for each "fingerprint verified" in this step.

Once everyone has had a chance to read out their key fingerprints, people then proceed to introduce themselves to people they don't already know, and allow their identities to be verified (e.g. against photo id). Make a final notation on your keyring printout for each "identity verified".

The Day After or Beyond

At some point after the key signing party, using your keyring printout as a guide, you should sign the keys whose authenticity you were able to check. This strengthens the web of trust, and makes PGP more useful.